Legal thoughts, since 2005.

This week's Daily Record column is entitled "Facebook denied in request to dispute warrants for user data." My past Daily Record articles can be accessed here.

*****

Facebook denied in request to dispute warrants for user data

Last week in 381 Search Warrants Directed to Facebook, Inc. v. New York County Dist. Attorney’s Off., (2015 NY Slip Op 06201) the New York Appellate Division, First Department considered an appeal brought by Facebook. In this appeal, Facebook sought to overturn the trial court’s refusal allow it to dispute search warrants issued by the New York County District Attorney’s Office and seeking access to 381 Facebook user’s accounts.

In the warrants, it was alleged that there was “reasonable cause to believe” that the Facebook data of the 381 users included evidence of offenses that included grand larceny in the second degree, grand larceny in the third degree, filing of a false instrument in the first degree and conspiracy. The state sought access to 24 categories of information that constituted nearly every post and action taken by the selected users on Facebook. The warrants also contained a nondisclosure provision preventing Facebook from disclosing the warrants to their users.

The court focused its analysis on determining the proper statutory basis for the warrant requests, concluding that they were more akin to search warrants as opposed to subpoenas issued pursuant to the Federal Stored Communications Act. Accordingly, the court held that Facebook had no legal basis for its motion to quash the warrant: “We now hold that Supreme Court’s summary denial of Facebook’s motion ‘to quash’ the search warrants was proper because there is no constitutional or statutory right to challenge an alleged defective warrant before it is executed. The key role of the judicial officer in issuing a search warrant is described generally by the Fourth Amendment and more specifically by state statutes. None of these sources refer to an inherent authority for a defendant or anyone else to challenge an allegedly defective warrant before it is executed.”

The court explained the basis for its determination as follows: “Facebook cannot have it both ways. On the one hand, Facebook is seeking the right to litigate pre-enforcement the constitutionality of the warrants on its customers’ behalf. But neither the Constitution nor New York Criminal Procedure Law provides the targets of the warrant the right to such a pre-enforcement challenge. On the other hand, Facebook also wants the probable cause standard of warrants, while retaining the pre-execution adversary process of subpoenas. We see no basis for providing Facebook a greater right than its customers are afforded.”

The court acknowledged the validity of privacy concerns raised by Facebook but ultimately declined to opine on those issues since the ruling on the procedural nature of the warrants negated the need to address those claims. “(W)e are cognizant that decisions involving the Fourth Amendment have the power to affect the everyday lives of all U.S. residents, not just criminal suspects and defendants. Our holding today does not mean that we do not appreciate Facebook’s concerns about the scope of the bulk warrants issued here or about the District Attorney’s alleged right to indefinitely retain the seized accounts of the uncharged Facebook users. Facebook users share more intimate personal information through their Facebook accounts than may be revealed through rummaging about one’s home. These bulk warrants demanded ‘all’ communications in 24 broad categories from the 381 targeted accounts. Yet, of the 381 targeted Facebook user accounts only 62 were actually charged with any crime.”

Accordingly, as it stands, the determination of the whether a warrant for social media is too broad continues to rest with trial court judges — some of whom unfortunately have a minimal understanding of the workings of social media platforms.

Facebook has indicated its intent to appeal the Appellate Division’s ruling, no doubt in part due to the massive amounts of administrative time and effort required to comply with these types of warrants, the numbers of which are only increasing in frequency as social media evidence becomes an important tool for prosecutors. So stay tuned; today’s decision may be overturned in the near future. Who knows what tomorrow may bring?

This week's Daily Record column is entitled "Massachusetts Adopts New Disciplinary Rules on Tech Use." My past Daily Record articles can be accessed here.

*****

Massachusetts Adopts New Disciplinary Rules on Tech Use

Technological change has increased dramatically in recent years, making it difficult for lawyers to keep up. Confusion over the ethical obligations of lawyers when using new technologies only makes adoption of new tools such as cloud computing all the more difficult. Fortunately, many states have gradually rolled out revised ethics rules designed to address these issues.

Most recently, on July 1, the revised Massachusetts Rules of Professional Conduct became effective. These new rules included revisions to sections addressing the obligation to maintain the confidentiality of client information when using new technologies and the duty to stay abreast of changes in technology.

The new provisions and the comments thereto largely mirror the revised Model Rules adopted by the American Bar Association a few years ago. The revised rules include changes which clarify the obligations of lawyers when it comes to using technology in their law practices.

First, Comment 8 to Rule 1.1, which addresses the duty of competence, was revised to require lawyers to stay abreast of changes in technology. It now states that “(t)o maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, and engage in continuing study and education.”

Next, Rule 1.6(c) now provides that a “lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, confidential information relating to the representation of a client.” In newly added Comment 18 to Rule 1.6 it states that if a lawyer makes reasonable efforts to prevent access or disclosure of confidential information, then the inadvertent or unauthorized disclosure of confidential information is not a violation of this section.As explained in the comment, “[f]actors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients …”

Finally, the new rules also address an attorney’s obligation when using a third-party provider, such as a cloud computing software vendor, to store confidential client information. Rule 5.3, which requires lawyers to make reasonable efforts to ensure the security of their client’s confidential information when hiring an outside technology vendor, now includes Comment 3.

This comment explicitly states that “(a) lawyer may use nonlawyers outside the firm to assist the lawyer in rendering legal services to the client. Examples include the retention of retaining an investigative or paraprofessional service, hiring a document management company to create and maintain a database for complex litigation, sending client documents to a third party for printing or scanning, and using an Internet-based service to store client information.”

But, when lawyers do so, they are required to “make reasonable efforts to ensure that the services are provided in a manner that is compatible with the lawyer’s professional obligations. The extent of this obligation will depend upon the circumstances, including the education, experience and reputation of the nonlawyer; the nature of the services involved; the terms of any arrangements concerning the protection of client information; and the legal and ethical environments of the jurisdictions in which the services will be performed, particularly with regard to confidentiality … When retaining or directing a nonlawyer outside the firm, a lawyer should communicate directions appropriate under the circumstances to give reasonable assurance that the nonlawyer’s conduct is compatible with the professional obligations of the lawyer.”

The comments to this section, including the comment set forth above, do not imply that lawyers have a duty to supervise nonlawyers, such as software vendors, whom they’ve hired and who work outside of the firm. Instead, the comments indicate that lawyers must provide the appropriate levels of oversight given the circumstances to ensure services are provided in a way that protects confidential client information.

In the past I’ve expressed concern regarding mandates in other jurisdictions which require lawyers to supervise cloud computing providers in the performance of their duties, even though most lawyers have no IT expertise. I don’t see that being an issue in this case in light of the language used in this comment.

I've submitted a talk to Avvo's IgniteLaw event occurring in Las Vegas on September 3d and would really appreciate your support. You can vote for my talk along with 5 others here.

In my talk, I'll discuss how Donald Trump may be very well be the Yogi Berra of our time and explain why some of his more outlandish statements may actually offer nuggets of wisdom on running a law practice.

You can cast your vote here. As always, thanks so much for your support!

disclaimer

This site is intended purely as a resource guide for educational and informational purposes and is not intended to provide specific legal advice. This site should not be used as a substitute for competent legal advice from a professional attorney in your state. The use and receipt of the information offered on this site is not intended to create, nor does it create, an attorney-client relationship.

Please feel free to contact me via e-mail or otherwise. However, please be advised that an attorney-client relationship is not created through the act of sending electronic mail to me.

The comments on this blog are solely the opinions of the individuals leaving them. In no way does Legal Antics or Nicole L. Black endorse, condone, agree with, sponsor, etc. these comments.

Further, any information provided on this blog or in the comments should be taken at your own risk.